Ensure namespaces are utilized
ID: k8s-ns-usage-check
Severity: info
Author: princechaddha
Tags: cloud,devops,kubernetes,devsecops,namespaces,k8s,k8s-cluster-security
Description
Section titled “Description”Checks if Kubernetes namespaces are actively used to separate resources, which is critical for resource organization and access control.
YAML Source
Section titled “YAML Source”id: k8s-ns-usage-check
info: name: Ensure namespaces are utilized author: princechaddha severity: info description: Checks if Kubernetes namespaces are actively used to separate resources, which is critical for resource organization and access control. impact: | Lack of namespaces usage can lead to disorganized resources and potentially flawed access controls, impacting security and management. remediation: | Implement and use namespaces to organize resources within the Kubernetes cluster effectively. Define access controls and resource quotas on a per-namespace basis. reference: - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ tags: cloud,devops,kubernetes,devsecops,namespaces,k8s,k8s-cluster-security
variables: argument: "namespaces"
self-contained: truecode: - engine: - sh - bash source: | kubectl get namespaces --output=json
matchers-condition: and matchers: - type: word words: - '"items":'
- type: word words: - '"Namespace"' negative: true
extractors: - type: dsl dsl: - '"Kubernetes cluster is not utilizing " + argument'# digest: 4a0a00473045022075eae04d53affaced90ab821445c547b5fe5a37fd8de40b012363334523f57c8022100dc967ac1b68d944fdc0971286d4587deaaca50dd0b116fa601e36351d9c3beaf:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/kubernetes/security-compliance/k8s-ns-usage-check.yaml"