An SSH server running inside a container may be abused by attackers. If an attacker obtains valid credentials for a container, whether through brute-force attempts or other means (such as phishing), they can use SSH to gain remote access to that container.
- Not configurable

Resource kinds this policy evaluates:
- Service
- CronJob
- DaemonSet
- Deployment
- Job
- Pod
- ReplicaSet
- StatefulSet
This policy checks:
- If the resource is a Service, that neither `port` nor `targetPort` is an SSH port (22/2222).
- If the resource is a workload, that none of its containers has `hostPort` or `containerPort` set to an SSH port (22/2222).
If any of the above checks fails, the resource is denied deployment in the cluster.
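The two checks above, written out as a minimal admission function. This is an added example, not the policy's own implementation; the `violations` and `admit` helpers and the sample manifests are constructed for illustration, and only the `containers` list of each workload is inspected.

```python
# Added example, not the policy's own implementation: a minimal admission
# check mirroring the two rules above. Manifests are constructed samples.
SSH_PORTS = {22, 2222}
WORKLOAD_KINDS = {"CronJob", "DaemonSet", "Deployment", "Job",
                  "Pod", "ReplicaSet", "StatefulSet"}

def _pod_spec(resource):
    """Locate the pod spec inside each supported workload kind."""
    kind, spec = resource["kind"], resource.get("spec", {})
    if kind == "Pod":
        return spec
    if kind == "CronJob":
        return spec["jobTemplate"]["spec"]["template"]["spec"]
    return spec["template"]["spec"]

def _as_int(value):
    """Numeric port or None; named ports (e.g. "ssh") are not matched."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None

def violations(resource):
    """Reasons the resource would be denied; an empty list means allowed."""
    kind, reasons = resource.get("kind"), []
    if kind == "Service":
        for p in resource.get("spec", {}).get("ports", []):
            for field in ("port", "targetPort"):
                if _as_int(p.get(field)) in SSH_PORTS:
                    reasons.append(f"Service {field}={p[field]} is an SSH port")
    elif kind in WORKLOAD_KINDS:
        for c in _pod_spec(resource).get("containers", []):
            for p in c.get("ports", []):
                for field in ("hostPort", "containerPort"):
                    if _as_int(p.get(field)) in SSH_PORTS:
                        reasons.append(f"container {c['name']} sets {field}={p[field]}")
    return reasons

def admit(resource):
    """Admission decision: True to allow, False to deny."""
    return not violations(resource)

# Constructed sample manifests (trimmed to the fields the check reads)
SSH_SERVICE = {"kind": "Service",
               "spec": {"ports": [{"port": 80, "targetPort": 2222}]}}
CLEAN_DEPLOYMENT = {"kind": "Deployment", "spec": {"template": {"spec": {
    "containers": [{"name": "web", "ports": [{"containerPort": 8080}]}]}}}}
SSH_POD = {"kind": "Pod", "spec": {"containers": [
    {"name": "bastion", "ports": [{"containerPort": 22, "hostPort": 2222}]}]}}
```

Note that a Service whose `targetPort` is a named port (for example `"ssh"`) is not matched by port number here; a production policy should resolve named ports against the backing pod template.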