Ensure kernel and system level calls are not configured in all Kubernetes workloads

MEDIUM

Description

By nature, containers should not have or need access to system calls on a node. Disallowing such access is considered best practice.

Remediation

Make sure that any Kubernetes workload configuration with a 'sysctls' argument does not specify kernel-level calls. For more information, see the Kubernetes documentation.

References:
https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/
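The following is an added example of how such a workload check can be implemented; it is not the policy engine's own logic. It treats the sysctls Kubernetes documents as "safe" (namespaced, isolated per pod) as the allowed set and flags every other sysctl found in a Pod or in the pod template of a Deployment, StatefulSet, DaemonSet or Job. The sample manifest, its name and image are constructed for illustration.

```python
import json

# Sysctls Kubernetes documents as "safe": namespaced and isolated per pod.
# Anything else (for example kernel.msgmax) touches node-level kernel state
# and should not appear in a workload's securityContext.
SAFE_SYSCTLS = {
    "kernel.shm_rmid_forced",
    "net.ipv4.ip_local_port_range",
    "net.ipv4.tcp_syncookies",
    "net.ipv4.ping_group_range",
}


def find_unsafe_sysctls(manifest):
    """Return the sorted names of pod-level sysctls outside the safe set.

    Handles a bare Pod (spec.securityContext) and controllers that wrap a
    pod template (spec.template.spec.securityContext) so one function
    covers the usual workload kinds.
    """
    spec = manifest.get("spec", {})
    pod_spec = spec.get("template", {}).get("spec", spec)
    sysctls = pod_spec.get("securityContext", {}).get("sysctls", [])
    return sorted(s["name"] for s in sysctls if s.get("name") not in SAFE_SYSCTLS)


# Constructed sample: a Deployment whose pod template mixes a node-level
# kernel.* sysctl with an allowed namespaced one.
FLAGGED_DEPLOYMENT = json.loads("""{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "example-app"},
  "spec": {"template": {"spec": {
    "securityContext": {"sysctls": [
      {"name": "kernel.msgmax", "value": "65536"},
      {"name": "net.ipv4.tcp_syncookies", "value": "1"}
    ]},
    "containers": [{"name": "app", "image": "example/app:1.0"}]
  }}}
}""")

if __name__ == "__main__":
    for name in find_unsafe_sysctls(FLAGGED_DEPLOYMENT):
        print(f"AC_K8S_0074: node-level sysctl configured in workload: {name}")
```

Removing the kernel.msgmax entry (or the whole sysctls list) from the pod template makes the check return an empty list.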

Policy Details

Rule Reference ID: AC_K8S_0074
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod

Frameworks