├── 5gsec ├── artifacthub-repo.yml ├── oai-core │ ├── ksp-core-amf-zero-trust.yaml │ ├── ksp-core-ausf-zero-trust.yaml │ ├── ksp-core-nrf-zero-trust.yaml │ ├── ksp-core-smf-zero-trust.yaml │ ├── ksp-core-udm-zero-trust.yaml │ ├── ksp-core-udr-zero-trust.yaml │ ├── ksp-core-upf-zero-trust.yaml │ ├── kyverno-core-readonly-volume-mounts.yaml │ ├── kyverno-core-restrict-sa-automount-sa-token.yaml │ ├── netpol-core-amf.yaml │ ├── netpol-core-smf.yaml │ └── netpol-core-udr.yaml ├── oai-ran │ ├── ksp-oran-cuup-zero-trust.yaml │ ├── ksp-oran-du-zero-trust.yaml │ ├── kyverno-oran-readonly-volume-mounts.yaml │ └── kyverno-oran-restrict-sa-automount-sa-token.yaml └── open5gs │ └── 1.0.0 │ ├── README.md │ ├── open5gs-AMF-ZeroTrust.yaml │ ├── open5gs-AUSF-ZeroTrust.yaml │ ├── open5gs-BSF-ZeroTrust.yaml │ ├── open5gs-NRF-ZeroTrust.yaml │ ├── open5gs-NSSF-ZeroTrust.yaml │ ├── open5gs-PCF-ZeroTrust.yaml │ ├── open5gs-SMF-ZeroTrust.yaml │ ├── open5gs-UDM-ZeroTrust.yaml │ ├── open5gs-UDR-ZeroTrust.yaml │ ├── open5gs-UPF-ZeroTrust.yaml │ └── open5gs-webui.yaml ├── CONTRIBUTING.MD ├── LICENSE ├── MySQL └── system │ └── ksp-restrict-access-mysql-server-config-files.yaml ├── README.md ├── cassandra ├── network │ ├── cnp-ingress-best-practice-cassandra-server-restrict-access-over-internet.yaml │ └── cnp-ingress-cassandra-server-access-least-privilege.yaml └── system │ ├── ksp-49362-cassandra-web.yaml │ ├── ksp-best-practice-cassandra-server-audit-jmx-password-file.yaml │ ├── ksp-best-practice-cassandra-server-audit-log-data-cache-directory.yaml │ ├── ksp-cassandra-SV-87383r1.yaml │ ├── ksp-cassandra-sv-87271r1.yaml │ └── ksp-cassandra-sv-87341r1.yaml ├── cis └── system │ ├── hsp-cis-1-1-17-controller-manager.yaml │ ├── hsp-cis-1-1-3-controller-manager-pod-block.yaml │ ├── hsp-cis-1-1-9-api-cni-files.yaml │ ├── hsp-cis-1.1.13-admin-conf-block.yaml │ ├── hsp-cis-1.1.15-scheduler-configuration-file-block.yaml │ ├── hsp-cis-1.1.20-restrict-pki-certificate.yaml │ ├── hsp-cis-1.1.5-scheduler-pod-block.yaml │ ├── hsp-cis-1.1.7-etcd-pod-block.yaml │ ├── ksp-audit-cis-apache-tomcat-1.2.yaml │ ├── ksp-audit-cis-apache-tomcat-2.1.yaml │ ├── ksp-audit-cis-apache-tomcat-2.5.yaml │ ├── ksp-audit-cis-apache-tomcat-4.1.yaml │ ├── ksp-audit-cis-apache-tomcat-4.10.yaml │ ├── ksp-audit-cis-apache-tomcat-4.12.yaml │ ├── ksp-audit-cis-apache-tomcat-4.13.yaml │ ├── ksp-audit-cis-apache-tomcat-4.14.yaml │ ├── ksp-audit-cis-apache-tomcat-4.15.yaml │ ├── ksp-audit-cis-apache-tomcat-4.5.yaml │ ├── ksp-audit-cis-apache-tomcat-4.6.yaml │ ├── ksp-audit-cis-apache-tomcat-4.7.yaml │ ├── ksp-audit-cis-apache-tomcat-4.8.yaml │ ├── ksp-audit-cis-apache-tomcat-4.9.yaml │ ├── ksp-audit-cis-apache-tomcat-logs-4.4.yaml │ ├── ksp-audit-cis-centos-8-1-1-1-1.yaml │ ├── ksp-audit-cis-centos-8-1-1-1-2.yaml │ ├── ksp-audit-cis-centos-8-1-1-1-3.yaml │ ├── ksp-audit-cis-centos-8-1-1-2-1.yaml │ ├── ksp-audit-cis-mongodb-5.1.yaml │ ├── ksp-audit-cis-mongodb-7.1.yaml │ ├── ksp-audit-cis-mongodb-7.2.yaml │ ├── ksp-audit-cis-mongodb-config-file.yaml │ ├── ksp-audit-cis-mysql-1-1.yaml │ ├── ksp-audit-cis-mysql-1-2.yaml │ ├── ksp-audit-cis-mysql-1-4.yaml │ ├── ksp-audit-cis-mysql-1-5.yaml │ ├── ksp-audit-cis-mysql-3-10.yaml │ ├── ksp-audit-cis-mysql-3-3.yaml │ ├── ksp-audit-cis-nginx-2.3.2.yaml │ ├── ksp-audit-cis-nginx-2.3.4.yaml │ ├── ksp-audit-cis-postgres-3-1-6.yaml │ ├── ksp-audit-cis-postgresql-6-3.yaml │ ├── ksp-block-cis-centos-8-1-1-4-1.yaml │ └── ksp-block-cis-mysql-1-3.yaml ├── cve ├── network │ ├── cnp-block-cve-2021-44228-log4j-rmi-access.yaml │ ├── cnp-block-elasticsearch-memory-leak-cve-2021-22145.yaml │ ├── cnp-block-elasticsearch-plain-text-password-exposure-cve-2018-3826.yaml │ ├── cnp-block-elasticsearch-sensitive-info-leak-cve-2018-3831.yaml │ └── cnp-cve-2020-13946-ingress-deny-jmx-port-exposure-externally.yaml └── system │ ├── hsp-cve-2018-15664-docker-cp-symlink-exchange.yaml │ ├── hsp-cve-2018-18955-privilege-escalation-shadow-file.yaml │ ├── hsp-cve-2019-13139-docker-build.yaml │ ├── hsp-cve-2019-14271.yaml │ ├── hsp-cve-2020-8559-bug-block.yaml │ ├── hsp-cve-2024-3094-xz-v5-6-backdoor.yaml │ ├── ksp-audit-cve-2020-8203-monitor-access-to-lodash-npm-package.yaml │ ├── ksp-audit-redos-npm-mocha-vulnerability.yaml │ ├── ksp-block-atlassian-confluence-cve-2022-26134.yaml │ ├── ksp-block-cve-2020-7729-npm-gruntjs.yaml │ ├── ksp-block-cve-2021-42342-go-ahead.yaml │ ├── ksp-block-cve-2022-0543-redis-rce.yaml │ ├── ksp-block-dirtypipe-cve-2019-19844.yaml │ ├── ksp-block-laravel-cve-2021-3129.yaml │ ├── ksp-block-mariadb-v-10-4-10-7-cve-2022-32081.yaml │ ├── ksp-block-mariadb-v-10-6-3-cve-2022-27455.yaml │ ├── ksp-block-mariadb-v-10-6-3-cve-2022-27456.yaml │ ├── ksp-block-mariadb-v-10-6-3-cve-2022-27457.yaml │ ├── ksp-block-mariadb-v-10-7-cve-2022-27386.yaml │ ├── ksp-block-mariadb-v-10-7-cve-2022-32091.yaml │ ├── ksp-block-mariadb-v-10-9-cve-2022-27444.yaml │ ├── ksp-block-mariadb-v-10-9-cve-2022-27447.yaml │ ├── ksp-block-mariadb-v-10-9-cve-2022-27448.yaml │ ├── ksp-block-mariadb-v-10-9-cve-2022-27451.yaml │ ├── ksp-block-mariadb-v-10-9-cve-2022-27452.yaml │ ├── ksp-block-pac-resolver-cve-2021-23406.yaml │ ├── ksp-cve-2019-14287-sudo-privilege-escalation.yaml │ ├── ksp-cve-2019-6446-deny-pickle-rce-on-pod.yaml │ ├── ksp-cve-2020-17530-deny-apache-struts-rce.yaml │ ├── ksp-cve-2020-24186-deny-wordpress-rce.yaml │ ├── ksp-cve-2021-20114-tcexam-directory-block.yaml │ ├── ksp-cve-2021-21389-deny-buddypress-privilege-escalation-rce.yaml │ ├── ksp-cve-2021-24499-unauthenticated-rce.yaml │ ├── ksp-cve-2021-24867-block-wordpress-supply-chain-attack.yaml │ ├── ksp-cve-2021-28169.yaml │ ├── ksp-cve-2021-39327-wordpress-plugin-bulletproof-security.yaml │ ├── ksp-cve-2021-4034-polkit-vulnerability.yaml │ ├── ksp-cve-2021-40875-gurock-testrail-sensitive-information-disclosure.yaml │ ├── ksp-cve-2021-40960.yaml │ ├── ksp-cve-2021-41277-metabase-file-inclusion.yaml │ ├── ksp-cve-2021-41381.yaml │ ├── ksp-cve-2021-41773-apache2.4.49-path-traversal-and-rce.yaml │ ├── ksp-cve-2021-43778-glpi-plugin-path-traversal.yaml │ ├── ksp-cve-2022-0185-block-container-escape.yaml │ ├── ksp-cve-2025-1974-ingress-nginx.yaml │ ├── ksp-f5-big-ip-cve-2022-1388.yaml │ ├── ksp-grafana-cve-2021-43798.yaml │ └── ksp-npm-node-ipc-cve-2022-23812.yaml ├── django ├── network │ ├── cnp-egress-django-allow-only-tcp-443.yaml │ ├── cnp-egress-django-allow-only-tcp-80.yaml │ ├── cnp-egress-django-allow-only-udp-53.yaml │ └── cnp-egress-django-hardening-policy-allow-only-default-port.yaml └── system │ ├── ksp-cve-2021-31542.yaml │ ├── ksp-django-audit-tcp-connection-from-pod.yaml │ ├── ksp-django-hardening-rule-audit-django-admin-check.yaml │ ├── ksp-django-hardening-rule-audit-django-admin-dbshell.yaml │ ├── ksp-django-hardening-rule-audit-django-admin-dumpdata.yaml │ ├── ksp-django-hardening-rule-audit-django-admin-inspectdb.yaml │ ├── ksp-django-hardening-rule-audit-pip.yaml │ ├── ksp-django-hardening-rule-audit-python-cache.yaml │ ├── ksp-django-hardening-rule-audit-settings-file.yaml │ └── ksp-django-hardening-rule-audit-urlconf-file.yaml ├── elastic ├── network │ ├── cnp-allow-only-default-elastic-ports.yaml │ ├── cnp-allow-only-kibana-elastic-connections.yaml │ ├── cnp-egress-allow-only-internal-connection-elastic.yaml │ └── cnp-ingress-allow-only-internal-connection-elastic.yaml └── system │ ├── ksp-audit-elastic-cve-2021-22145.yaml │ ├── ksp-audit-elastic-exposed-panel.yaml │ ├── ksp-audit-elasticsearch-bash-spawn.yaml │ ├── ksp-audit-elasticsearch-cve-2019-7609.yaml │ ├── ksp-audit-elasticsearch-indices.yaml │ ├── ksp-audit-elasticsearch-log-file-access.yaml │ ├── ksp-audit-elasticsearch-network-access.yaml │ └── ksp-audit-kibana-network-access.yaml ├── exposures ├── configs │ ├── cnp-ingress-deny-apache-perl-status-on-public-web.yaml │ ├── hsp-config-server-private-keys.yaml │ ├── ksp-airflow-config-block.yaml │ ├── ksp-block-bower-logs-on-public-web.yaml │ ├── ksp-cache-file-block.yaml │ ├── ksp-config-server-private-keys.yaml │ ├── ksp-deny-qdpm-info-leak-on-public-web.yaml │ ├── ksp-git-config-block.yaml │ ├── ksp-htpasswd-detection.yaml │ ├── ksp-httpd-config-file-block.yaml │ ├── ksp-laravel-env-config-block.yaml │ ├── ksp-nginx-config-block.yaml │ ├── ksp-owncloud-config-block.yaml │ ├── ksp-robomongo-credential-disclosure.yaml │ ├── ksp-samba-config-file-disclosure.yaml │ ├── ksp-svnserve-config-block.yaml │ ├── ksp-thumbsdb-disclosure-block.yaml │ ├── ksp-yii-debugger-info.yaml │ └── ksp-zend-config-block.yaml ├── info │ ├── block-clockwork-info.yaml │ ├── ksp-block-squid-analysis-reports.yaml │ └── saia-web-server-info.yaml └── logs │ ├── cnp-ingress-deny-dotnet-trace-on-public-web.yaml │ ├── ksp-error-log-block.yaml │ ├── ksp-laravel-log-file.yaml │ ├── ksp-npm-debug-log-file.yaml │ └── ksp-rails-development-log-file-block.yaml ├── golang └── system │ ├── ksp-allow-golang-generic-policy-2.yaml │ ├── ksp-allow-golang-generic-policy-3.yaml │ ├── ksp-audit-golang-big-package.yaml │ ├── ksp-audit-golang-cmd-go-package-cve-2022-23773.yaml │ ├── ksp-audit-golang-elliptic-package-cve-2022-28327.yaml │ ├── ksp-audit-golang-package-crypto.yaml │ ├── ksp-audit-golang-pem-package-cve-2022-24675.yaml │ ├── ksp-audit-golang-regexp-package-cve-2022-24921.yaml │ ├── ksp-audit-golang-unmarshal.yaml │ ├── ksp-audit-kataras-iris-golang-package.yaml │ ├── ksp-block-golang-generic-policy-1.yaml │ └── ksp-go-unsafepointer-code-injection.yaml ├── java └── system │ ├── ksp-block-spring4shell.yaml │ ├── ksp-block-virus-eduapps-sexo.yaml │ ├── ksp-block-virus-java-ghostdog.yaml │ ├── ksp-block-virus-java-hawk.yaml │ └── ksp-cve-2020-9484-privilege-escalation.yaml ├── logs └── system │ ├── ksp-logs-errors-logs.yaml │ └── ksp-logs-npm-debug.yaml ├── malware ├── network │ ├── ccnp-egress-blocking-graboid-crypto-miner-malware.yaml │ ├── cnp-deny-malware-tntbotinger-communication.yaml │ ├── cnp-egress-deny-panchan.yaml │ ├── cnp-ingress-deny-panchan.yaml │ └── cnp-ingress-deny-syslogk-malware.yaml └── system │ ├── ksp-block-linux-xorddos-trojan-process.yaml │ ├── ksp-block-panchan-malware.yaml │ ├── ksp-block-symbiote-malware-certbotx64-dnscat2.yaml │ ├── ksp-block-syslogk-malware.yaml │ ├── ksp-block-sysrv-hello-malware.yaml │ ├── ksp-bpfdoor-malware-1.yaml │ ├── ksp-bpfdoor-malware.yaml │ ├── ksp-teamtnt-tntbotinger-ddos-block.yaml │ └── ksp-xanthe-malware.yaml ├── metadata.yaml ├── misconfiguration ├── network │ └── cnp-ingress-deny-apache-server-status-on-public-web.yaml └── system │ ├── ksp-apc-service-information-block.yaml │ ├── ksp-misconfig-application-yaml.yaml │ └── ksp-misconfig-service-pwd.yaml ├── mitre ├── network │ ├── cnp-mitre-application-layer-protocol-ftp-egress.yaml │ ├── cnp-mitre-application-layer-protocol-ftp-ingress.yaml │ ├── cnp-mitre-dns-egress-allow-only-matchname.yaml │ ├── cnp-mitre-egress-application-layer-protocol-ftp.yaml │ ├── cnp-mitre-egress-deny-external-communication-from-mysql-pod.yaml │ ├── cnp-mitre-ingress-allow-mysql-pod-communication-on-3306-and-namespace.yaml │ ├── cnp-mitre-ingress-application-layer-protocol-ftp.yaml │ ├── cnp-mitre-postgres-network-ingress.yaml │ ├── cnp-mitre-t1041-deny-interpreted-procs-outbound-network-activity.yaml │ ├── cnp-mitre-t1210-ingress-block-helm-tiller-endpoint.yaml │ ├── cnp-mitre-t1496-egress-crypto-miner.yaml │ ├── cnp-mitre-t1552-egress-block-cloud-instance-metadata.yaml │ ├── cnp-mitre-t1571-ingress.yaml │ ├── cnp-mitre-t1571-mysql-ingress.yaml │ └── cnp-mitre-t1571-postgresql-ingress.yaml └── system │ ├── hsp-create-account-create-local-account.yaml │ ├── hsp-mitre-create-modify-system-process-systemd-service.yaml │ ├── hsp-mitre-crontab-audit.yaml │ ├── hsp-mitre-host-block-s-bit.yaml │ ├── hsp-mitre-persistence-bash-profile-audit.yaml │ ├── hsp-mitre-process-injection-proc-mem.yaml │ ├── hsp-mitre-ptrace-syscall.yaml │ ├── hsp-mitre-sudo-caching.yaml │ ├── hsp-mitre-t1037-004.yaml │ ├── hsp-mitre-t1210-audit-kubernetes-manifest.yaml │ ├── hsp-mitre-t1543-002.yaml │ ├── hsp-mitre-tactic-defense-evasion.yaml │ ├── hsp-network-service-scanning-n.yaml │ ├── hsp-package-repos-t1059.yaml │ ├── hsp-persistence_boot_or_logon_IS_rc_script.yaml │ ├── hsp-rename-utilities.yaml │ ├── hsp-ubuntu-proc-path-block.yaml │ ├── ksp-base16or32.yaml │ ├── ksp-bashrc.yaml │ ├── ksp-block-mysql-dump-in-pods.yaml │ ├── ksp-block-remote-copy-processes.yaml │ ├── ksp-block-sub-processes-of-netcat.yaml │ ├── ksp-block-untrusted-shell-execution.yaml │ ├── ksp-boot-or-logon-autostart-execution.yaml │ ├── ksp-check-log-clearing.yaml │ ├── ksp-cs-restrict-access-mysql-config-policy.yaml │ ├── ksp-defense-evasion-modify-system-image.yaml │ ├── ksp-detect-k8s-client-exec-in-container.yaml │ ├── ksp-discovery_account_discovery_local_account.yaml │ ├── ksp-discovery_process_discovery.yaml │ ├── ksp-impairdefence.yaml │ ├── ksp-mitre-audit-at-process.yaml │ ├── ksp-mitre-block-s-bit.yaml │ ├── ksp-mitre-boot-or-logon-autostart-execution.yaml │ ├── ksp-mitre-kinsing-cryptomining-malware-block.yaml │ ├── ksp-mitre-non-application-layer-protocol.yaml │ ├── ksp-mitre-persistence-createaccount-local-account.yaml │ ├── ksp-mitre-persistence-external-remote-services.yaml │ ├── ksp-mitre-pgsql-audit-non-pgsql.yaml │ ├── ksp-mitre-postgres-block-password-dumping.yaml │ ├── ksp-mitre-postgres-cve-2016-1255.yaml │ ├── ksp-mitre-restrict-access-mysql-server-config.yaml │ ├── ksp-mitre-system-file-analysis.yaml │ ├── ksp-mitre-system-owner-user-discovery.yaml │ ├── ksp-mitre-t1046-network-service-scanning.yaml │ ├── ksp-mitre-t1057.yaml │ ├── ksp-mitre-t1059.yaml │ ├── ksp-mitre-t1070-file-deletion.yaml │ ├── ksp-mitre-t1087-001.yaml │ ├── ksp-mitre-t1210-audit-hostname-env-token-discovery.yaml │ ├── ksp-mitre-t1222-002.yaml │ ├── ksp-mitre-t1610-tactic-execution-blocking-docker.yaml │ ├── ksp-mitre-tactic-credential-access-password-dumping.yaml │ ├── ksp-mitre-tactic-defence-evasion-hidden-files-directories.yaml │ ├── ksp-mitre-tactic-defense-evasion-root-certificate.yaml │ ├── ksp-mitre-tactic-defense-evasion.yaml │ ├── ksp-mitre-tactic-execution-remote-code-exec-in-container.yaml │ ├── ksp-mitre-tactic-presistence-kernel-modules.yaml │ ├── ksp-mitre-tactic-scheduled-job-analysis.yaml │ ├── ksp-mitre-tactic-t1070-002-defense-evasion-clear-system-log.yaml │ ├── ksp-network-service-scanning.yaml │ ├── ksp-persistence-createaccount-local-account.yaml │ ├── ksp-persistence-external-remote-services.yaml │ ├── ksp-persistence_boot_or_logon_IS_rc_script.yaml │ ├── ksp-persistence_create_or_modify_system_process_systemd_service.yaml │ ├── ksp-postgres-pg-dump.yaml │ ├── ksp-postgresql-config-dir.yaml │ ├── ksp-preload_modif.yaml │ ├── ksp-psql-block-postgresql.yaml │ ├── ksp-scheduled-job-analysis.yaml │ ├── ksp-system-file-analysis.yaml │ ├── ksp-system-owner-user-discovery.yaml │ └── ksp-unsecured_credentials_access.yaml ├── nginx ├── network │ ├── cnp-egress-nginx-hardening-rule-allow-only-port-123.yaml │ ├── cnp-egress-nginx-hardening-rule-allow-only-port-25.yaml │ ├── cnp-ingress-nginx-hardening-policy-allow-only-get-on-port-80.yaml │ ├── cnp-ingress-nginx-hardening-policy-allow-only-head-on-port-80.yaml │ └── cnp-ingress-nginx-hardening-policy-allow-only-post-on-port-80.yaml └── system │ ├── ksp-nginx-hardening-rule-audit-nginx-reload.yaml │ ├── ksp-nginx-hardening-rule-audit-nginx-stop.yaml │ ├── ksp-nginx-hardening-rule-deny-iptable-binary.yaml │ └── ksp-nginx-hardening-rule-monitor-cache-access.yaml ├── nist ├── network │ ├── cnp-nist-ac-3-3-limit-pod-egress.yaml │ ├── cnp-nist-ac-3-3-limit-pod-ingress.yaml │ ├── cnp-nist-ac-4-1-egress-allow-communication-between-associated-entities.yaml │ ├── cnp-nist-ac-4-1-ingress-allow-communication-between-associated-entities.yaml │ ├── cnp-nist-ac-4-10-ingress-deny-nodeport-communication.yaml │ ├── cnp-nist-ac-4-17-egress-allow-only-authorized-service-and-port.yaml │ ├── cnp-nist-ac-4-17-ingress-allow-only-authorized-service-and-port.yaml │ ├── cnp-nist-ac-4-2-si-4-egress-deny-access-to-cloud-metadata-service-from-container.yaml │ ├── cnp-nist-ac-4-7-egress-deny-all-outbound-commincation-except-dns.yaml │ ├── cnp-nist-ac-4-7-ingress-allow-only-outbound-commincation.yaml │ ├── cnp-nist-ca-1-allow-only-internal-connections.yaml │ ├── cnp-nist-cm-7-1-least-func-periodic-review.yaml │ ├── cnp-nist-ia-8-2-acceptance-of-external-authenticators.yaml │ ├── cnp-nist-sc-7-11-restrict-incoming-communications-traffic.yaml │ ├── cnp-nist-sc-7-5-ingress-allow-communication-between-associated-entities.yaml │ └── cnp-nist-sc-7-5-limit-pod-ingress.yaml └── system │ ├── hsp-ac-2-12-account-mangament-nist-n.yaml │ ├── hsp-ac-2-4-automated-audit-action.yaml │ ├── hsp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml │ ├── hsp-cm-1-configuration-management-policy-and-procedures.yaml │ ├── hsp-nist-ac-11-audit-sessionlock.yaml │ ├── hsp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml │ ├── hsp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml │ ├── hsp-nist-au-3-audit-access-to-cmdline-file.yaml │ ├── hsp-nist-au-3-audit-access-to-log-files.yaml │ ├── hsp-nist-au-3-audit-bash-config-files.yaml │ ├── hsp-nist-au-3-audit-etc-dir.yaml │ ├── hsp-nist-au-3-block-removal-of-log-files.yaml │ ├── hsp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml │ ├── hsp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml │ ├── hsp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml │ ├── hsp-nist-si-4-detect-execution-of-network-tools-on-host.yaml │ ├── ksp-ac-10-shared-and-group-account-credentials-change.yaml │ ├── ksp-ac-2-12-account-mangament-nist.yaml │ ├── ksp-ac-2-4-automated-audit-action.yaml │ ├── ksp-ac-3-11-access-enforcement-restrict-access-to-specific-information-types.yaml │ ├── ksp-ac-3-4-access-enforcement-discretionary-access-control-file.yaml │ ├── ksp-ac-3-4-access-enforcement-discretionary-access-control-process.yaml │ ├── ksp-au-10-non-repudiation-1.yaml │ ├── ksp-au-10-non-repudiation-2.yaml │ ├── ksp-audit-nist-7-untrusted-shell-execution-program.yaml │ ├── ksp-audit-nist-cm-6-1-linux-config-files.yaml │ ├── ksp-audit-nist-sc-23-session-authenticity.yaml │ ├── ksp-block-nist-au-8-1-sc-45-1-timestamps-sync-time-zone.yaml │ ├── ksp-block-nist-au-8-2-sc-45-2-secondary-sync-time-zone.yaml │ ├── ksp-block-nist-cm-9-config-manage.yaml │ ├── ksp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml │ ├── ksp-cm-1-configuration-management-policy-and-procedures.yaml │ ├── ksp-cm-7-4-least-functionality-nist.yaml │ ├── ksp-cm-9-1-configuration-management-plan.yaml │ ├── ksp-cm-9-2-configuration-management-plan.yaml │ ├── ksp-cp-10-2-system-recovery-and-reconstitution-transaction-recovery.yaml │ ├── ksp-mp-5-1-media-access.yaml │ ├── ksp-nist-3-cap-net-raw-block.yaml │ ├── ksp-nist-ac-11-sessionlock-audit-logout-scripts.yaml │ ├── ksp-nist-ac-12-1-sessions-audit.yaml │ ├── ksp-nist-ac-17-3-ssh-audit.yaml │ ├── ksp-nist-ac-17-4-remote-privileged-commands-audit.yaml │ ├── ksp-nist-ac-18-1-network-audit.yaml │ ├── ksp-nist-ac-6-1-authorize-access-to-security-functions.yaml │ ├── ksp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml │ ├── ksp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml │ ├── ksp-nist-au-12-audit-read-write-on-shell-configuration-files.yaml │ ├── ksp-nist-au-12-audit-write-below-binary-directories.yaml │ ├── ksp-nist-au-12-audit-write-below-monitored-directories.yaml │ ├── ksp-nist-au-12-block-modification-of-shell-configuration-files.yaml │ ├── ksp-nist-au-2-3-event-logging-audit.yaml │ ├── ksp-nist-au-3-audit-access-to-cmdline-file.yaml │ ├── ksp-nist-au-3-audit-access-to-log-files.yaml │ ├── ksp-nist-au-3-audit-bash-config-files.yaml │ ├── ksp-nist-au-3-audit-etc-dir.yaml │ ├── ksp-nist-au-3-block-removal-of-log-files.yaml │ ├── ksp-nist-au-6-1-process-integration-audit.yaml │ ├── ksp-nist-au-6-7-permitted-actions-audit.yaml │ ├── ksp-nist-au-7-audit-event-service-logs.yaml │ ├── ksp-nist-au-9-audit-unauthorised-access-of-auditlog-file.yaml │ ├── ksp-nist-ca-3-net-icmp-audit.yaml │ ├── ksp-nist-ca-3-net-tcp-audit.yaml │ ├── ksp-nist-ca-3-net-udp-audit.yaml │ ├── ksp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml │ ├── ksp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml │ ├── ksp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml │ ├── ksp-nist-cm-5-1-access-restrictions-for-change-automated-access-enforcement-and-audit-records.yaml │ ├── ksp-nist-cm-5-3-cm-14-signed-components.yaml │ ├── ksp-nist-cm-5-access-restrictions-for-change-bash-history.yaml │ ├── ksp-nist-cm-7-2-least-func-prevent-auto-exec-block.yaml │ ├── ksp-nist-cm-7-5-software-install.yaml │ ├── ksp-nist-cm-8-3-automated-unauthorized-component-detection.yaml │ ├── ksp-nist-cm-8-7-system-component-inventory-audit.yaml │ ├── ksp-nist-cp-2-8-critical-system-files.yaml │ ├── ksp-nist-ia-3-3-dynamic-address-allocation-audit.yaml │ ├── ksp-nist-ia-3-4-device-attestation-audit.yaml │ ├── ksp-nist-mp-7-media-use.yaml │ ├── ksp-nist-pam-files.yaml │ ├── ksp-nist-pe-7-access-control-for-output-devices.yaml │ ├── ksp-nist-ps-5-personnel-transfer.yaml │ ├── ksp-nist-sa-10-5-developer-configuration-management.yaml │ ├── ksp-nist-sc-13-audit-cryptograhy-key.yaml │ ├── ksp-nist-sc-39-2-process-isolation.yaml │ ├── ksp-nist-sc-6-audit-resource-allocation.yaml │ ├── ksp-nist-sc24-fail-in-known-state.yaml │ ├── ksp-nist-si-16-memory-protection.yaml │ ├── ksp-nist-si-3-8-malicious-code-protection-detect-unauthorised-command.yaml │ ├── ksp-nist-si-4-create-file-in-dev-dir.yaml │ ├── ksp-nist-si-4-detect-acess-to-cron-job-files.yaml │ ├── ksp-nist-si-4-detect-cron-job-process.yaml │ ├── ksp-nist-si-4-detect-execution-of-network-tools-inside-container.yaml │ ├── ksp-nist-si-4-detect-modify-add-cron-jobs.yaml │ ├── ksp-nist-si-4-execute-package-management-process-in-container.yaml │ ├── ksp-nist-si-4-mkdir-bin-dir.yaml │ ├── ksp-nist-si-7-1-software-firmware-information-integrity-check.yaml │ ├── ksp-nist-si-7-7-software-firmware-information-integrity-detection-response.yaml │ ├── ksp-ra-5-4-vs-discoverable-information-os-block.yaml │ ├── ksp-remote-access-audit.yaml │ ├── ksp-sc-17-public-key-infrastructure-certificates.yaml │ ├── ksp-sc-28-1-information-at-rest.yaml │ ├── ksp-sc-4-2-unauthorized-information-transfer.yaml │ └── ksp-system-information-blockwithaudit.yaml ├── npm └── system │ └── ksp-block-ua-parser-js-package.yaml ├── pci-dss ├── network │ ├── cnp-egress-pci-dss-1.2.3-cardholder.yaml │ ├── cnp-pci-dss-1.3.3-egress.yaml │ ├── cnp-pci-dss-1.3.3-ingress.yaml │ ├── cnp-pci-dss-10-ingress.yaml │ └── cnp-pci-dss-7.2.3-egress-default-deny.yaml └── system │ ├── ksp-pci-dss-10.2.1-audit-user-details.yaml │ ├── ksp-pci-dss-10.2.3.yaml │ ├── ksp-pci-dss-2.yaml │ ├── ksp-pci-dss-3.yaml │ ├── ksp-pci-dss-5.yaml │ ├── ksp-pci-dss-7.yaml │ ├── ksp-pci-dss-8-audit-utmp-file.yaml │ └── ksp-pci-dss-8.yaml ├── postgresql └── system │ └── ksp-postgresql-cve-2021-3677-unauthorized-modication-log-file.yaml ├── python ├── network │ ├── cnp-python-hardening-policy-allow-only-port-110.yaml │ ├── cnp-python-hardening-policy-allow-only-port-119.yaml │ ├── cnp-python-hardening-policy-allow-only-port-143.yaml │ ├── cnp-python-hardening-policy-allow-only-port-20.yaml │ ├── cnp-python-hardening-policy-allow-only-port-23.yaml │ ├── cnp-python-hardening-policy-allow-only-port-25.yaml │ ├── cnp-python-hardening-policy-allow-only-port-70.yaml │ └── cnp-python-hardening-policy-allow-only-port-80.yaml └── system │ ├── ksp-cve-2021-3426-python-pydoc.yaml │ ├── ksp-deny-rce-on-flask-app-pod.yaml │ ├── ksp-python-cve-2021-39182.yaml │ ├── ksp-python-hardening-rule-audit-cryptography-package.yaml │ ├── ksp-python-hardening-rule-audit-django-package.yaml │ ├── ksp-python-hardening-rule-audit-ipaddress-package.yaml │ ├── ksp-python-hardening-rule-audit-jinja2-package.yaml │ ├── ksp-python-hardening-rule-audit-pillow-package.yaml │ ├── ksp-python-hardening-rule-audit-pip.yaml │ ├── ksp-python-hardening-rule-audit-pygments-package.yaml │ ├── ksp-python-hardening-rule-audit-pyyaml-package.yaml │ ├── ksp-python-hardening-rule-audit-requests-package.yaml │ ├── ksp-python-hardening-rule-audit-url-lib.yaml │ └── ksp-python-pip-cve-2019-20916.yaml ├── ransomware └── network │ └── cnp-restrict-ingress-and-egress-traffic-Jupyter-ransomware.yaml ├── redis ├── network │ └── cnp-redis-ingress-deny-traffic-to-port-6379.yaml └── system │ ├── ksp-redis-hardening-rule-audit-redis-log-files.yaml │ └── ksp-redis-hardening-rule-audit-xautoclaim-command.yaml ├── stigs ├── network │ ├── cnp-alertsservice-port-external-access.yaml │ ├── cnp-block-stig-v-230504-firewall-default-deny-all-allow-by-exception.yaml │ ├── cnp-ingress-v-214048-pgsql.yaml │ ├── cnp-mysql-stig-v-235146.yaml │ ├── cnp-mysql-stig-v235146-block-unused-ports.yaml │ └── cnp-stigs-postgresql-port-external-access.yaml └── system │ ├── hsp-audit-stig ubuntu-20-010137-chfn.yaml │ ├── hsp-audit-stig-ubuntu-20-010136-su.yaml │ ├── hsp-audit-stig-ubuntu-20-010138-mount.yaml │ ├── hsp-audit-stig-ubuntu-20-010139-umount.yaml │ ├── hsp-audit-stig-ubuntu-20-010148-chown.yaml │ ├── hsp-audit-stig-ubuntu-20-010161-sudo.yaml │ ├── hsp-audit-stig-ubuntu-20-010162-sudoedit.yaml │ ├── hsp-audit-stig-ubuntu-20-010163-chsh.yaml │ ├── hsp-audit-stig-ubuntu-20-010164-newgrp.yaml │ ├── hsp-audit-stig-ubuntu-20-010165-chcon.yaml │ ├── hsp-audit-stig-ubuntu-20-010166-apparmor-parser.yaml │ ├── hsp-audit-stig-ubuntu-20-010168-chacl.yaml │ ├── hsp-audit-stig-ubuntu-20-010172-passwd.yaml │ ├── hsp-audit-stig-ubuntu-20-010173-unix-update.yaml │ ├── hsp-audit-stig-ubuntu-20-010174-gpasswd.yaml │ ├── hsp-audit-stig-ubuntu-20-010175-chage.yaml │ ├── hsp-audit-stig-ubuntu-20-010176-usermod.yaml │ ├── hsp-audit-stig-ubuntu-20-010177-crontab.yaml │ ├── hsp-audit-stig-ubuntu-20-010178-pam-timestamp.yaml │ ├── hsp-audit-stig-ubuntu-20-010267-sensitive-syscall.yaml │ ├── hsp-audit-stig-ubuntu-20-010297-kmod.yaml │ ├── hsp-audit-stig-ubuntu-20-010298-fdisk.yaml │ ├── hsp-audit-stig-ubuntu-20-010451-conf.yaml │ ├── hsp-block-stig-ubuntu-20-010419-log.yaml │ ├── hsp-block-stig-ubuntu-20-010422-syslog.yaml │ ├── hsp-block-stig-ubuntu-20-010427-lib.yaml │ ├── ksp-audit-cassandra-stig-v-72637.yaml │ ├── ksp-audit-cassandra-stig-v-72663-validated-cryptographic-modules.yaml │ ├── ksp-audit-cassandra-stig-v-72671.yaml │ ├── ksp-audit-fstab-file-stig-v-230520.yaml │ ├── ksp-audit-mysql-stig-v-235099-unauthorized-read-access.yaml │ ├── ksp-audit-mysql-stig-v-235153.yaml │ ├── ksp-audit-mysql-v-235149-mysql-access.yaml │ ├── ksp-audit-mysql-v-235149-mysql-network.yaml │ ├── ksp-audit-pgsql-stig-v-233616r617333-audit-non-pgsql-binaries.yaml │ ├── ksp-audit-pgsql-stig-v-233616r617333-audit-pgsql-directory.yaml │ ├── ksp-audit-rhel-v-214083.yaml │ ├── ksp-audit-rhel-v-230530-2.yaml │ ├── ksp-audit-stig-mysql-configuration-v-235114.yaml │ ├── ksp-audit-stig-psql-v-214152.yaml │ ├── ksp-audit-stig-rhel-v-230236.yaml │ ├── ksp-audit-stig-rhel-v-244546.yaml │ ├── ksp-audit-stig-v-230456-detect-fchmod-process.yaml │ ├── ksp-audit-stig-v-230456-detect-fchmodat-process.yaml │ ├── ksp-audit-stig-v-230530-monitor-dconf-profile.yaml │ ├── ksp-block-cassandra-stig-v-72679-protet-truststore-file.yaml │ ├── ksp-block-log-access-cassandra-vrealize-v-72639.yaml │ ├── ksp-block-rhel-v-230530-3.yaml │ ├── ksp-block-stig-V-230246-rhel-allow-only-root-access-to-log-files.yaml │ ├── ksp-block-stig-mongodb-v-235153-limit-access-to-db-files.yaml │ ├── ksp-block-stig-mongodb-v-235169-limit-access-to-db-files.yaml │ ├── ksp-block-stig-mongodb-v-81849.yaml │ ├── ksp-block-stig-mongodb-v-81871.yaml │ ├── ksp-block-stig-mongodb-v-81887-restrict-access-to-config-file.yaml │ ├── ksp-block-stig-mongodb-v-81887-restrict-access-to-data-directory.yaml │ ├── ksp-block-stig-mongodbv-235153-limit-access-to-db-logs.yaml │ ├── ksp-block-stig-mysql-files-access.yaml │ ├── ksp-block-stig-mysql-v-235114-file-permission.yaml │ ├── ksp-block-stig-psql-v-214082.yaml │ ├── ksp-block-stig-rhel-v-230248.yaml │ ├── ksp-block-stig-rhel-v-230283-no-shosts.equiv-files-on-rhel8.yaml │ ├── ksp-block-stig-rhel-v-230329.yaml │ ├── ksp-block-stig-rhel-v-230534-1.yaml │ ├── ksp-block-stig-rhel-v-230534-2.yaml │ ├── ksp-block-stig-rhel-v-251706.yaml │ ├── ksp-block-stig-v-230239-krb5-workstation-binary.yaml │ ├── ksp-block-stig-v-230246-rhel-allow-only-root-access-to-chown-command.yaml │ ├── ksp-block-stig-v-230284-deny-access-to-shosts-files.yaml │ ├── ksp-block-stig-v-230487-telnet-server-binary.yaml │ ├── ksp-block-stig-v-230492-rsh-server-binary.yaml │ ├── ksp-block-stig-v-230533-tftp-server-binary.yaml │ ├── ksp-block-stig-v-230558-ftp-binary.yaml │ ├── ksp-block-stig-v-235114-restrict-access-to-mysql-logs.yaml │ ├── ksp-block-stig-v-81883-restrict-access-to-config-files.yaml │ ├── ksp-block-stigs-mysql-config-directory-access.yaml │ ├── ksp-block-stigs-restrict-access-to-mysql-config-directory.yaml │ ├── ksp-block-stigs-restrict-non-mysql-binaries.yaml │ ├── ksp-stig-audit-v-81883-restrict-access-to--mongodb-binaries.yaml │ ├── ksp-stig-block-mongodb-v-235169-limit-access-to-db-configuration-file.yaml │ ├── ksp-stig-postgres-sv-233514r617333.yaml │ ├── ksp-stig-postgres-sv-233531r617333.yaml │ ├── ksp-stig-v-230456-detect-chmod-process.yaml │ ├── ksp-stigs-postgresql-config.yaml │ ├── ksp-stigs-postgresql-console.yaml │ └── ksp-stigs-postgresql-private-keys.yaml └── wordpress └── system ├── ksp-wordpress-packages-process-block.yaml ├── ksp-wordpress-wp-cli-block-users.yaml └── ksp-wordpress-wp-config-block.yaml /5gsec/artifacthub-repo.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/artifacthub-repo.yml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-amf-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-amf-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-ausf-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-ausf-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-nrf-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-nrf-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-smf-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-smf-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-udm-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-udm-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-udr-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-udr-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/ksp-core-upf-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/ksp-core-upf-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/kyverno-core-readonly-volume-mounts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/kyverno-core-readonly-volume-mounts.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/kyverno-core-restrict-sa-automount-sa-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/kyverno-core-restrict-sa-automount-sa-token.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/netpol-core-amf.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/netpol-core-amf.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/netpol-core-smf.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/netpol-core-smf.yaml -------------------------------------------------------------------------------- /5gsec/oai-core/netpol-core-udr.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-core/netpol-core-udr.yaml -------------------------------------------------------------------------------- /5gsec/oai-ran/ksp-oran-cuup-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-ran/ksp-oran-cuup-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-ran/ksp-oran-du-zero-trust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-ran/ksp-oran-du-zero-trust.yaml -------------------------------------------------------------------------------- /5gsec/oai-ran/kyverno-oran-readonly-volume-mounts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-ran/kyverno-oran-readonly-volume-mounts.yaml -------------------------------------------------------------------------------- /5gsec/oai-ran/kyverno-oran-restrict-sa-automount-sa-token.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/oai-ran/kyverno-oran-restrict-sa-automount-sa-token.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/README.md: -------------------------------------------------------------------------------- 1 | # Open5GS Zero Trust policies 2 | -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-AMF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-AMF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-AUSF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-AUSF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-BSF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-BSF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-NRF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-NRF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-NSSF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-NSSF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-PCF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-PCF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-SMF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-SMF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-UDM-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-UDM-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-UDR-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-UDR-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-UPF-ZeroTrust.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-UPF-ZeroTrust.yaml -------------------------------------------------------------------------------- /5gsec/open5gs/1.0.0/open5gs-webui.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/5gsec/open5gs/1.0.0/open5gs-webui.yaml -------------------------------------------------------------------------------- /CONTRIBUTING.MD: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/CONTRIBUTING.MD -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/LICENSE -------------------------------------------------------------------------------- /MySQL/system/ksp-restrict-access-mysql-server-config-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/MySQL/system/ksp-restrict-access-mysql-server-config-files.yaml -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/README.md -------------------------------------------------------------------------------- /cassandra/network/cnp-ingress-best-practice-cassandra-server-restrict-access-over-internet.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/network/cnp-ingress-best-practice-cassandra-server-restrict-access-over-internet.yaml -------------------------------------------------------------------------------- /cassandra/network/cnp-ingress-cassandra-server-access-least-privilege.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/network/cnp-ingress-cassandra-server-access-least-privilege.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-49362-cassandra-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-49362-cassandra-web.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-best-practice-cassandra-server-audit-jmx-password-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-best-practice-cassandra-server-audit-jmx-password-file.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-best-practice-cassandra-server-audit-log-data-cache-directory.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-best-practice-cassandra-server-audit-log-data-cache-directory.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-cassandra-SV-87383r1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-cassandra-SV-87383r1.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-cassandra-sv-87271r1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-cassandra-sv-87271r1.yaml -------------------------------------------------------------------------------- /cassandra/system/ksp-cassandra-sv-87341r1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cassandra/system/ksp-cassandra-sv-87341r1.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1-1-17-controller-manager.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1-1-17-controller-manager.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1-1-3-controller-manager-pod-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1-1-3-controller-manager-pod-block.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1-1-9-api-cni-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1-1-9-api-cni-files.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1.1.13-admin-conf-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1.1.13-admin-conf-block.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1.1.15-scheduler-configuration-file-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1.1.15-scheduler-configuration-file-block.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1.1.20-restrict-pki-certificate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1.1.20-restrict-pki-certificate.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1.1.5-scheduler-pod-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1.1.5-scheduler-pod-block.yaml -------------------------------------------------------------------------------- /cis/system/hsp-cis-1.1.7-etcd-pod-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/hsp-cis-1.1.7-etcd-pod-block.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-1.2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-1.2.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-2.1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-2.1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-2.5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-2.5.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.10.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.10.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.12.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.12.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.13.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.13.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.14.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.14.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.15.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.15.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.5.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.6.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.6.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.7.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.7.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.8.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.8.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-4.9.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-4.9.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-apache-tomcat-logs-4.4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-apache-tomcat-logs-4.4.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-centos-8-1-1-1-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-centos-8-1-1-1-1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-centos-8-1-1-1-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-centos-8-1-1-1-2.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-centos-8-1-1-1-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-centos-8-1-1-1-3.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-centos-8-1-1-2-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-centos-8-1-1-2-1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mongodb-5.1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mongodb-5.1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mongodb-7.1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mongodb-7.1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mongodb-7.2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mongodb-7.2.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mongodb-config-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mongodb-config-file.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-1-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-1-1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-1-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-1-2.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-1-4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-1-4.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-1-5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-1-5.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-3-10.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-3-10.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-mysql-3-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-mysql-3-3.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-nginx-2.3.2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-nginx-2.3.2.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-nginx-2.3.4.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-nginx-2.3.4.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-postgres-3-1-6.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-postgres-3-1-6.yaml -------------------------------------------------------------------------------- /cis/system/ksp-audit-cis-postgresql-6-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-audit-cis-postgresql-6-3.yaml -------------------------------------------------------------------------------- /cis/system/ksp-block-cis-centos-8-1-1-4-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-block-cis-centos-8-1-1-4-1.yaml -------------------------------------------------------------------------------- /cis/system/ksp-block-cis-mysql-1-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cis/system/ksp-block-cis-mysql-1-3.yaml -------------------------------------------------------------------------------- /cve/network/cnp-block-cve-2021-44228-log4j-rmi-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/network/cnp-block-cve-2021-44228-log4j-rmi-access.yaml -------------------------------------------------------------------------------- /cve/network/cnp-block-elasticsearch-memory-leak-cve-2021-22145.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/network/cnp-block-elasticsearch-memory-leak-cve-2021-22145.yaml -------------------------------------------------------------------------------- /cve/network/cnp-block-elasticsearch-plain-text-password-exposure-cve-2018-3826.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/network/cnp-block-elasticsearch-plain-text-password-exposure-cve-2018-3826.yaml -------------------------------------------------------------------------------- /cve/network/cnp-block-elasticsearch-sensitive-info-leak-cve-2018-3831.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/network/cnp-block-elasticsearch-sensitive-info-leak-cve-2018-3831.yaml -------------------------------------------------------------------------------- /cve/network/cnp-cve-2020-13946-ingress-deny-jmx-port-exposure-externally.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/network/cnp-cve-2020-13946-ingress-deny-jmx-port-exposure-externally.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2018-15664-docker-cp-symlink-exchange.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2018-15664-docker-cp-symlink-exchange.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2018-18955-privilege-escalation-shadow-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2018-18955-privilege-escalation-shadow-file.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2019-13139-docker-build.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2019-13139-docker-build.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2019-14271.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2019-14271.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2020-8559-bug-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2020-8559-bug-block.yaml -------------------------------------------------------------------------------- /cve/system/hsp-cve-2024-3094-xz-v5-6-backdoor.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/hsp-cve-2024-3094-xz-v5-6-backdoor.yaml -------------------------------------------------------------------------------- /cve/system/ksp-audit-cve-2020-8203-monitor-access-to-lodash-npm-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-audit-cve-2020-8203-monitor-access-to-lodash-npm-package.yaml -------------------------------------------------------------------------------- /cve/system/ksp-audit-redos-npm-mocha-vulnerability.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-audit-redos-npm-mocha-vulnerability.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-atlassian-confluence-cve-2022-26134.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-atlassian-confluence-cve-2022-26134.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-cve-2020-7729-npm-gruntjs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-cve-2020-7729-npm-gruntjs.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-cve-2021-42342-go-ahead.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-cve-2021-42342-go-ahead.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-cve-2022-0543-redis-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-cve-2022-0543-redis-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-dirtypipe-cve-2019-19844.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-dirtypipe-cve-2019-19844.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-laravel-cve-2021-3129.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-laravel-cve-2021-3129.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-4-10-7-cve-2022-32081.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-4-10-7-cve-2022-32081.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27455.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27455.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27456.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27456.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27457.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-6-3-cve-2022-27457.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-7-cve-2022-27386.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-7-cve-2022-27386.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-7-cve-2022-32091.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-7-cve-2022-32091.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-9-cve-2022-27444.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-9-cve-2022-27444.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-9-cve-2022-27447.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-9-cve-2022-27447.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-9-cve-2022-27448.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-9-cve-2022-27448.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-9-cve-2022-27451.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-9-cve-2022-27451.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-mariadb-v-10-9-cve-2022-27452.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-mariadb-v-10-9-cve-2022-27452.yaml -------------------------------------------------------------------------------- /cve/system/ksp-block-pac-resolver-cve-2021-23406.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-block-pac-resolver-cve-2021-23406.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2019-14287-sudo-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2019-14287-sudo-privilege-escalation.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2019-6446-deny-pickle-rce-on-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2019-6446-deny-pickle-rce-on-pod.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2020-17530-deny-apache-struts-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2020-17530-deny-apache-struts-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2020-24186-deny-wordpress-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2020-24186-deny-wordpress-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-20114-tcexam-directory-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-20114-tcexam-directory-block.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-21389-deny-buddypress-privilege-escalation-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-21389-deny-buddypress-privilege-escalation-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-24499-unauthenticated-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-24499-unauthenticated-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-24867-block-wordpress-supply-chain-attack.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-24867-block-wordpress-supply-chain-attack.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-28169.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-28169.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-39327-wordpress-plugin-bulletproof-security.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-39327-wordpress-plugin-bulletproof-security.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-4034-polkit-vulnerability.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-4034-polkit-vulnerability.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-40875-gurock-testrail-sensitive-information-disclosure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-40875-gurock-testrail-sensitive-information-disclosure.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-40960.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-40960.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-41277-metabase-file-inclusion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-41277-metabase-file-inclusion.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-41381.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-41381.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-41773-apache2.4.49-path-traversal-and-rce.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-41773-apache2.4.49-path-traversal-and-rce.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2021-43778-glpi-plugin-path-traversal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2021-43778-glpi-plugin-path-traversal.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2022-0185-block-container-escape.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2022-0185-block-container-escape.yaml -------------------------------------------------------------------------------- /cve/system/ksp-cve-2025-1974-ingress-nginx.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-cve-2025-1974-ingress-nginx.yaml -------------------------------------------------------------------------------- /cve/system/ksp-f5-big-ip-cve-2022-1388.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-f5-big-ip-cve-2022-1388.yaml -------------------------------------------------------------------------------- /cve/system/ksp-grafana-cve-2021-43798.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-grafana-cve-2021-43798.yaml -------------------------------------------------------------------------------- /cve/system/ksp-npm-node-ipc-cve-2022-23812.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/cve/system/ksp-npm-node-ipc-cve-2022-23812.yaml -------------------------------------------------------------------------------- /django/network/cnp-egress-django-allow-only-tcp-443.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/network/cnp-egress-django-allow-only-tcp-443.yaml -------------------------------------------------------------------------------- /django/network/cnp-egress-django-allow-only-tcp-80.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/network/cnp-egress-django-allow-only-tcp-80.yaml -------------------------------------------------------------------------------- /django/network/cnp-egress-django-allow-only-udp-53.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/network/cnp-egress-django-allow-only-udp-53.yaml -------------------------------------------------------------------------------- /django/network/cnp-egress-django-hardening-policy-allow-only-default-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/network/cnp-egress-django-hardening-policy-allow-only-default-port.yaml -------------------------------------------------------------------------------- /django/system/ksp-cve-2021-31542.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-cve-2021-31542.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-audit-tcp-connection-from-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-audit-tcp-connection-from-pod.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-django-admin-check.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-django-admin-check.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-django-admin-dbshell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-django-admin-dbshell.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-django-admin-dumpdata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-django-admin-dumpdata.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-django-admin-inspectdb.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-django-admin-inspectdb.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-pip.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-pip.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-python-cache.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-python-cache.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-settings-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-settings-file.yaml -------------------------------------------------------------------------------- /django/system/ksp-django-hardening-rule-audit-urlconf-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/django/system/ksp-django-hardening-rule-audit-urlconf-file.yaml -------------------------------------------------------------------------------- /elastic/network/cnp-allow-only-default-elastic-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/network/cnp-allow-only-default-elastic-ports.yaml -------------------------------------------------------------------------------- /elastic/network/cnp-allow-only-kibana-elastic-connections.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/network/cnp-allow-only-kibana-elastic-connections.yaml -------------------------------------------------------------------------------- /elastic/network/cnp-egress-allow-only-internal-connection-elastic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/network/cnp-egress-allow-only-internal-connection-elastic.yaml -------------------------------------------------------------------------------- /elastic/network/cnp-ingress-allow-only-internal-connection-elastic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/network/cnp-ingress-allow-only-internal-connection-elastic.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elastic-cve-2021-22145.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elastic-cve-2021-22145.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elastic-exposed-panel.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elastic-exposed-panel.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elasticsearch-bash-spawn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elasticsearch-bash-spawn.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elasticsearch-cve-2019-7609.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elasticsearch-cve-2019-7609.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elasticsearch-indices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elasticsearch-indices.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elasticsearch-log-file-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elasticsearch-log-file-access.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-elasticsearch-network-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-elasticsearch-network-access.yaml -------------------------------------------------------------------------------- /elastic/system/ksp-audit-kibana-network-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/elastic/system/ksp-audit-kibana-network-access.yaml -------------------------------------------------------------------------------- /exposures/configs/cnp-ingress-deny-apache-perl-status-on-public-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/cnp-ingress-deny-apache-perl-status-on-public-web.yaml -------------------------------------------------------------------------------- /exposures/configs/hsp-config-server-private-keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/hsp-config-server-private-keys.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-airflow-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-airflow-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-block-bower-logs-on-public-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-block-bower-logs-on-public-web.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-cache-file-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-cache-file-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-config-server-private-keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-config-server-private-keys.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-deny-qdpm-info-leak-on-public-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-deny-qdpm-info-leak-on-public-web.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-git-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-git-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-htpasswd-detection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-htpasswd-detection.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-httpd-config-file-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-httpd-config-file-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-laravel-env-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-laravel-env-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-nginx-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-nginx-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-owncloud-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-owncloud-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-robomongo-credential-disclosure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-robomongo-credential-disclosure.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-samba-config-file-disclosure.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-samba-config-file-disclosure.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-svnserve-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-svnserve-config-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-thumbsdb-disclosure-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-thumbsdb-disclosure-block.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-yii-debugger-info.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-yii-debugger-info.yaml -------------------------------------------------------------------------------- /exposures/configs/ksp-zend-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/configs/ksp-zend-config-block.yaml -------------------------------------------------------------------------------- /exposures/info/block-clockwork-info.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/info/block-clockwork-info.yaml -------------------------------------------------------------------------------- /exposures/info/ksp-block-squid-analysis-reports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/info/ksp-block-squid-analysis-reports.yaml -------------------------------------------------------------------------------- /exposures/info/saia-web-server-info.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/info/saia-web-server-info.yaml -------------------------------------------------------------------------------- /exposures/logs/cnp-ingress-deny-dotnet-trace-on-public-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/logs/cnp-ingress-deny-dotnet-trace-on-public-web.yaml -------------------------------------------------------------------------------- /exposures/logs/ksp-error-log-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/logs/ksp-error-log-block.yaml -------------------------------------------------------------------------------- /exposures/logs/ksp-laravel-log-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/logs/ksp-laravel-log-file.yaml -------------------------------------------------------------------------------- /exposures/logs/ksp-npm-debug-log-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/logs/ksp-npm-debug-log-file.yaml -------------------------------------------------------------------------------- /exposures/logs/ksp-rails-development-log-file-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/exposures/logs/ksp-rails-development-log-file-block.yaml -------------------------------------------------------------------------------- /golang/system/ksp-allow-golang-generic-policy-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-allow-golang-generic-policy-2.yaml -------------------------------------------------------------------------------- /golang/system/ksp-allow-golang-generic-policy-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-allow-golang-generic-policy-3.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-big-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-big-package.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-cmd-go-package-cve-2022-23773.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-cmd-go-package-cve-2022-23773.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-elliptic-package-cve-2022-28327.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-elliptic-package-cve-2022-28327.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-package-crypto.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-package-crypto.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-pem-package-cve-2022-24675.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-pem-package-cve-2022-24675.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-regexp-package-cve-2022-24921.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-regexp-package-cve-2022-24921.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-golang-unmarshal.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-golang-unmarshal.yaml -------------------------------------------------------------------------------- /golang/system/ksp-audit-kataras-iris-golang-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-audit-kataras-iris-golang-package.yaml -------------------------------------------------------------------------------- /golang/system/ksp-block-golang-generic-policy-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-block-golang-generic-policy-1.yaml -------------------------------------------------------------------------------- /golang/system/ksp-go-unsafepointer-code-injection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/golang/system/ksp-go-unsafepointer-code-injection.yaml -------------------------------------------------------------------------------- /java/system/ksp-block-spring4shell.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/java/system/ksp-block-spring4shell.yaml -------------------------------------------------------------------------------- /java/system/ksp-block-virus-eduapps-sexo.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/java/system/ksp-block-virus-eduapps-sexo.yaml -------------------------------------------------------------------------------- /java/system/ksp-block-virus-java-ghostdog.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/java/system/ksp-block-virus-java-ghostdog.yaml -------------------------------------------------------------------------------- /java/system/ksp-block-virus-java-hawk.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/java/system/ksp-block-virus-java-hawk.yaml -------------------------------------------------------------------------------- /java/system/ksp-cve-2020-9484-privilege-escalation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/java/system/ksp-cve-2020-9484-privilege-escalation.yaml -------------------------------------------------------------------------------- /logs/system/ksp-logs-errors-logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/logs/system/ksp-logs-errors-logs.yaml -------------------------------------------------------------------------------- /logs/system/ksp-logs-npm-debug.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/logs/system/ksp-logs-npm-debug.yaml -------------------------------------------------------------------------------- /malware/network/ccnp-egress-blocking-graboid-crypto-miner-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/network/ccnp-egress-blocking-graboid-crypto-miner-malware.yaml -------------------------------------------------------------------------------- /malware/network/cnp-deny-malware-tntbotinger-communication.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/network/cnp-deny-malware-tntbotinger-communication.yaml -------------------------------------------------------------------------------- /malware/network/cnp-egress-deny-panchan.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/network/cnp-egress-deny-panchan.yaml -------------------------------------------------------------------------------- /malware/network/cnp-ingress-deny-panchan.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/network/cnp-ingress-deny-panchan.yaml -------------------------------------------------------------------------------- /malware/network/cnp-ingress-deny-syslogk-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/network/cnp-ingress-deny-syslogk-malware.yaml -------------------------------------------------------------------------------- /malware/system/ksp-block-linux-xorddos-trojan-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-block-linux-xorddos-trojan-process.yaml -------------------------------------------------------------------------------- /malware/system/ksp-block-panchan-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-block-panchan-malware.yaml -------------------------------------------------------------------------------- /malware/system/ksp-block-symbiote-malware-certbotx64-dnscat2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-block-symbiote-malware-certbotx64-dnscat2.yaml -------------------------------------------------------------------------------- /malware/system/ksp-block-syslogk-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-block-syslogk-malware.yaml -------------------------------------------------------------------------------- /malware/system/ksp-block-sysrv-hello-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-block-sysrv-hello-malware.yaml -------------------------------------------------------------------------------- /malware/system/ksp-bpfdoor-malware-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-bpfdoor-malware-1.yaml -------------------------------------------------------------------------------- /malware/system/ksp-bpfdoor-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-bpfdoor-malware.yaml -------------------------------------------------------------------------------- /malware/system/ksp-teamtnt-tntbotinger-ddos-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-teamtnt-tntbotinger-ddos-block.yaml -------------------------------------------------------------------------------- /malware/system/ksp-xanthe-malware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/malware/system/ksp-xanthe-malware.yaml -------------------------------------------------------------------------------- /metadata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/metadata.yaml -------------------------------------------------------------------------------- /misconfiguration/network/cnp-ingress-deny-apache-server-status-on-public-web.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/misconfiguration/network/cnp-ingress-deny-apache-server-status-on-public-web.yaml -------------------------------------------------------------------------------- /misconfiguration/system/ksp-apc-service-information-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/misconfiguration/system/ksp-apc-service-information-block.yaml -------------------------------------------------------------------------------- /misconfiguration/system/ksp-misconfig-application-yaml.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/misconfiguration/system/ksp-misconfig-application-yaml.yaml -------------------------------------------------------------------------------- /misconfiguration/system/ksp-misconfig-service-pwd.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/misconfiguration/system/ksp-misconfig-service-pwd.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-application-layer-protocol-ftp-egress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-application-layer-protocol-ftp-egress.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-application-layer-protocol-ftp-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-application-layer-protocol-ftp-ingress.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-dns-egress-allow-only-matchname.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-dns-egress-allow-only-matchname.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-egress-application-layer-protocol-ftp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-egress-application-layer-protocol-ftp.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-egress-deny-external-communication-from-mysql-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-egress-deny-external-communication-from-mysql-pod.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-ingress-allow-mysql-pod-communication-on-3306-and-namespace.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-ingress-allow-mysql-pod-communication-on-3306-and-namespace.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-ingress-application-layer-protocol-ftp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-ingress-application-layer-protocol-ftp.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-postgres-network-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-postgres-network-ingress.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1041-deny-interpreted-procs-outbound-network-activity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1041-deny-interpreted-procs-outbound-network-activity.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1210-ingress-block-helm-tiller-endpoint.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1210-ingress-block-helm-tiller-endpoint.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1496-egress-crypto-miner.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1496-egress-crypto-miner.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1552-egress-block-cloud-instance-metadata.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1552-egress-block-cloud-instance-metadata.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1571-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1571-ingress.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1571-mysql-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1571-mysql-ingress.yaml -------------------------------------------------------------------------------- /mitre/network/cnp-mitre-t1571-postgresql-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/network/cnp-mitre-t1571-postgresql-ingress.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-create-account-create-local-account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-create-account-create-local-account.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-create-modify-system-process-systemd-service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-create-modify-system-process-systemd-service.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-crontab-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-crontab-audit.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-host-block-s-bit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-host-block-s-bit.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-persistence-bash-profile-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-persistence-bash-profile-audit.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-process-injection-proc-mem.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-process-injection-proc-mem.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-ptrace-syscall.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-ptrace-syscall.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-sudo-caching.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-sudo-caching.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-t1037-004.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-t1037-004.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-t1210-audit-kubernetes-manifest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-t1210-audit-kubernetes-manifest.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-t1543-002.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-t1543-002.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-mitre-tactic-defense-evasion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-mitre-tactic-defense-evasion.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-network-service-scanning-n.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-network-service-scanning-n.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-package-repos-t1059.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-package-repos-t1059.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-persistence_boot_or_logon_IS_rc_script.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-persistence_boot_or_logon_IS_rc_script.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-rename-utilities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-rename-utilities.yaml -------------------------------------------------------------------------------- /mitre/system/hsp-ubuntu-proc-path-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/hsp-ubuntu-proc-path-block.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-base16or32.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-base16or32.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-bashrc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-bashrc.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-block-mysql-dump-in-pods.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-block-mysql-dump-in-pods.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-block-remote-copy-processes.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-block-remote-copy-processes.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-block-sub-processes-of-netcat.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-block-sub-processes-of-netcat.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-block-untrusted-shell-execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-block-untrusted-shell-execution.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-boot-or-logon-autostart-execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-boot-or-logon-autostart-execution.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-check-log-clearing.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-check-log-clearing.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-cs-restrict-access-mysql-config-policy.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-cs-restrict-access-mysql-config-policy.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-defense-evasion-modify-system-image.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-defense-evasion-modify-system-image.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-detect-k8s-client-exec-in-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-detect-k8s-client-exec-in-container.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-discovery_account_discovery_local_account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-discovery_account_discovery_local_account.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-discovery_process_discovery.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-discovery_process_discovery.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-impairdefence.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-impairdefence.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-audit-at-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-audit-at-process.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-block-s-bit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-block-s-bit.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-boot-or-logon-autostart-execution.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-boot-or-logon-autostart-execution.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-kinsing-cryptomining-malware-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-kinsing-cryptomining-malware-block.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-non-application-layer-protocol.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-non-application-layer-protocol.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-persistence-createaccount-local-account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-persistence-createaccount-local-account.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-persistence-external-remote-services.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-persistence-external-remote-services.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-pgsql-audit-non-pgsql.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-pgsql-audit-non-pgsql.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-postgres-block-password-dumping.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-postgres-block-password-dumping.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-postgres-cve-2016-1255.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-postgres-cve-2016-1255.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-restrict-access-mysql-server-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-restrict-access-mysql-server-config.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-system-file-analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-system-file-analysis.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-system-owner-user-discovery.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-system-owner-user-discovery.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1046-network-service-scanning.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1046-network-service-scanning.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1057.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1057.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1059.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1059.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1070-file-deletion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1070-file-deletion.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1087-001.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1087-001.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1210-audit-hostname-env-token-discovery.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1210-audit-hostname-env-token-discovery.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1222-002.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1222-002.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-t1610-tactic-execution-blocking-docker.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-t1610-tactic-execution-blocking-docker.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-credential-access-password-dumping.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-credential-access-password-dumping.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-defence-evasion-hidden-files-directories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-defence-evasion-hidden-files-directories.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-defense-evasion-root-certificate.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-defense-evasion-root-certificate.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-defense-evasion.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-defense-evasion.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-execution-remote-code-exec-in-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-execution-remote-code-exec-in-container.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-presistence-kernel-modules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-presistence-kernel-modules.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-scheduled-job-analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-scheduled-job-analysis.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-mitre-tactic-t1070-002-defense-evasion-clear-system-log.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-mitre-tactic-t1070-002-defense-evasion-clear-system-log.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-network-service-scanning.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-network-service-scanning.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-persistence-createaccount-local-account.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-persistence-createaccount-local-account.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-persistence-external-remote-services.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-persistence-external-remote-services.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-persistence_boot_or_logon_IS_rc_script.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-persistence_boot_or_logon_IS_rc_script.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-persistence_create_or_modify_system_process_systemd_service.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-persistence_create_or_modify_system_process_systemd_service.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-postgres-pg-dump.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-postgres-pg-dump.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-postgresql-config-dir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-postgresql-config-dir.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-preload_modif.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-preload_modif.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-psql-block-postgresql.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-psql-block-postgresql.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-scheduled-job-analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-scheduled-job-analysis.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-system-file-analysis.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-system-file-analysis.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-system-owner-user-discovery.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-system-owner-user-discovery.yaml -------------------------------------------------------------------------------- /mitre/system/ksp-unsecured_credentials_access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/mitre/system/ksp-unsecured_credentials_access.yaml -------------------------------------------------------------------------------- /nginx/network/cnp-egress-nginx-hardening-rule-allow-only-port-123.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/network/cnp-egress-nginx-hardening-rule-allow-only-port-123.yaml -------------------------------------------------------------------------------- /nginx/network/cnp-egress-nginx-hardening-rule-allow-only-port-25.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/network/cnp-egress-nginx-hardening-rule-allow-only-port-25.yaml -------------------------------------------------------------------------------- /nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-get-on-port-80.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-get-on-port-80.yaml -------------------------------------------------------------------------------- /nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-head-on-port-80.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-head-on-port-80.yaml -------------------------------------------------------------------------------- /nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-post-on-port-80.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/network/cnp-ingress-nginx-hardening-policy-allow-only-post-on-port-80.yaml -------------------------------------------------------------------------------- /nginx/system/ksp-nginx-hardening-rule-audit-nginx-reload.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/system/ksp-nginx-hardening-rule-audit-nginx-reload.yaml -------------------------------------------------------------------------------- /nginx/system/ksp-nginx-hardening-rule-audit-nginx-stop.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/system/ksp-nginx-hardening-rule-audit-nginx-stop.yaml -------------------------------------------------------------------------------- /nginx/system/ksp-nginx-hardening-rule-deny-iptable-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/system/ksp-nginx-hardening-rule-deny-iptable-binary.yaml -------------------------------------------------------------------------------- /nginx/system/ksp-nginx-hardening-rule-monitor-cache-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nginx/system/ksp-nginx-hardening-rule-monitor-cache-access.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-3-3-limit-pod-egress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-3-3-limit-pod-egress.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-3-3-limit-pod-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-3-3-limit-pod-ingress.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-1-egress-allow-communication-between-associated-entities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-1-egress-allow-communication-between-associated-entities.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-1-ingress-allow-communication-between-associated-entities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-1-ingress-allow-communication-between-associated-entities.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-10-ingress-deny-nodeport-communication.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-10-ingress-deny-nodeport-communication.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-17-egress-allow-only-authorized-service-and-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-17-egress-allow-only-authorized-service-and-port.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-17-ingress-allow-only-authorized-service-and-port.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-17-ingress-allow-only-authorized-service-and-port.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-2-si-4-egress-deny-access-to-cloud-metadata-service-from-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-2-si-4-egress-deny-access-to-cloud-metadata-service-from-container.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-7-egress-deny-all-outbound-commincation-except-dns.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-7-egress-deny-all-outbound-commincation-except-dns.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ac-4-7-ingress-allow-only-outbound-commincation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ac-4-7-ingress-allow-only-outbound-commincation.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ca-1-allow-only-internal-connections.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ca-1-allow-only-internal-connections.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-cm-7-1-least-func-periodic-review.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-cm-7-1-least-func-periodic-review.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-ia-8-2-acceptance-of-external-authenticators.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-ia-8-2-acceptance-of-external-authenticators.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-sc-7-11-restrict-incoming-communications-traffic.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-sc-7-11-restrict-incoming-communications-traffic.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-sc-7-5-ingress-allow-communication-between-associated-entities.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-sc-7-5-ingress-allow-communication-between-associated-entities.yaml -------------------------------------------------------------------------------- /nist/network/cnp-nist-sc-7-5-limit-pod-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/network/cnp-nist-sc-7-5-limit-pod-ingress.yaml -------------------------------------------------------------------------------- /nist/system/hsp-ac-2-12-account-mangament-nist-n.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-ac-2-12-account-mangament-nist-n.yaml -------------------------------------------------------------------------------- /nist/system/hsp-ac-2-4-automated-audit-action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-ac-2-4-automated-audit-action.yaml -------------------------------------------------------------------------------- /nist/system/hsp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml -------------------------------------------------------------------------------- /nist/system/hsp-cm-1-configuration-management-policy-and-procedures.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-cm-1-configuration-management-policy-and-procedures.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-ac-11-audit-sessionlock.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-ac-11-audit-sessionlock.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-au-3-audit-access-to-cmdline-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-au-3-audit-access-to-cmdline-file.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-au-3-audit-access-to-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-au-3-audit-access-to-log-files.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-au-3-audit-bash-config-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-au-3-audit-bash-config-files.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-au-3-audit-etc-dir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-au-3-audit-etc-dir.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-au-3-block-removal-of-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-au-3-block-removal-of-log-files.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml -------------------------------------------------------------------------------- /nist/system/hsp-nist-si-4-detect-execution-of-network-tools-on-host.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/hsp-nist-si-4-detect-execution-of-network-tools-on-host.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-10-shared-and-group-account-credentials-change.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-10-shared-and-group-account-credentials-change.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-2-12-account-mangament-nist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-2-12-account-mangament-nist.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-2-4-automated-audit-action.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-2-4-automated-audit-action.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-3-11-access-enforcement-restrict-access-to-specific-information-types.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-3-11-access-enforcement-restrict-access-to-specific-information-types.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-3-4-access-enforcement-discretionary-access-control-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-3-4-access-enforcement-discretionary-access-control-file.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ac-3-4-access-enforcement-discretionary-access-control-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ac-3-4-access-enforcement-discretionary-access-control-process.yaml -------------------------------------------------------------------------------- /nist/system/ksp-au-10-non-repudiation-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-au-10-non-repudiation-1.yaml -------------------------------------------------------------------------------- /nist/system/ksp-au-10-non-repudiation-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-au-10-non-repudiation-2.yaml -------------------------------------------------------------------------------- /nist/system/ksp-audit-nist-7-untrusted-shell-execution-program.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-audit-nist-7-untrusted-shell-execution-program.yaml -------------------------------------------------------------------------------- /nist/system/ksp-audit-nist-cm-6-1-linux-config-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-audit-nist-cm-6-1-linux-config-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-audit-nist-sc-23-session-authenticity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-audit-nist-sc-23-session-authenticity.yaml -------------------------------------------------------------------------------- /nist/system/ksp-block-nist-au-8-1-sc-45-1-timestamps-sync-time-zone.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-block-nist-au-8-1-sc-45-1-timestamps-sync-time-zone.yaml -------------------------------------------------------------------------------- /nist/system/ksp-block-nist-au-8-2-sc-45-2-secondary-sync-time-zone.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-block-nist-au-8-2-sc-45-2-secondary-sync-time-zone.yaml -------------------------------------------------------------------------------- /nist/system/ksp-block-nist-cm-9-config-manage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-block-nist-cm-9-config-manage.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ca-7-4-continuous-monitoring-automation-support-for-monitoring.yaml -------------------------------------------------------------------------------- /nist/system/ksp-cm-1-configuration-management-policy-and-procedures.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-cm-1-configuration-management-policy-and-procedures.yaml -------------------------------------------------------------------------------- /nist/system/ksp-cm-7-4-least-functionality-nist.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-cm-7-4-least-functionality-nist.yaml -------------------------------------------------------------------------------- /nist/system/ksp-cm-9-1-configuration-management-plan.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-cm-9-1-configuration-management-plan.yaml -------------------------------------------------------------------------------- /nist/system/ksp-cm-9-2-configuration-management-plan.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-cm-9-2-configuration-management-plan.yaml -------------------------------------------------------------------------------- /nist/system/ksp-cp-10-2-system-recovery-and-reconstitution-transaction-recovery.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-cp-10-2-system-recovery-and-reconstitution-transaction-recovery.yaml -------------------------------------------------------------------------------- /nist/system/ksp-mp-5-1-media-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-mp-5-1-media-access.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-3-cap-net-raw-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-3-cap-net-raw-block.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-11-sessionlock-audit-logout-scripts.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-11-sessionlock-audit-logout-scripts.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-12-1-sessions-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-12-1-sessions-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-17-3-ssh-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-17-3-ssh-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-17-4-remote-privileged-commands-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-17-4-remote-privileged-commands-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-18-1-network-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-18-1-network-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-6-1-authorize-access-to-security-functions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-6-1-authorize-access-to-security-functions.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-6-10-prohibit-non-privileged-users-from-executing-privileged-functions.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ac-6-9-auditing-use-of-privileged-functions.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-12-audit-read-write-on-shell-configuration-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-12-audit-read-write-on-shell-configuration-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-12-audit-write-below-binary-directories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-12-audit-write-below-binary-directories.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-12-audit-write-below-monitored-directories.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-12-audit-write-below-monitored-directories.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-12-block-modification-of-shell-configuration-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-12-block-modification-of-shell-configuration-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-2-3-event-logging-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-2-3-event-logging-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-3-audit-access-to-cmdline-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-3-audit-access-to-cmdline-file.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-3-audit-access-to-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-3-audit-access-to-log-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-3-audit-bash-config-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-3-audit-bash-config-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-3-audit-etc-dir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-3-audit-etc-dir.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-3-block-removal-of-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-3-block-removal-of-log-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-6-1-process-integration-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-6-1-process-integration-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-6-7-permitted-actions-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-6-7-permitted-actions-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-7-audit-event-service-logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-7-audit-event-service-logs.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-au-9-audit-unauthorised-access-of-auditlog-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-au-9-audit-unauthorised-access-of-auditlog-file.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ca-3-net-icmp-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ca-3-net-icmp-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ca-3-net-tcp-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ca-3-net-tcp-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ca-3-net-udp-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ca-3-net-udp-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ca-9-audit-untrusted-read-on-sensitive-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-11-2-allow-user-installation-of-software-only-with-explicit-privileged-status.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-3-5-configuration-change-control-automated-security-response.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-5-1-access-restrictions-for-change-automated-access-enforcement-and-audit-records.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-5-1-access-restrictions-for-change-automated-access-enforcement-and-audit-records.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-5-3-cm-14-signed-components.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-5-3-cm-14-signed-components.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-5-access-restrictions-for-change-bash-history.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-5-access-restrictions-for-change-bash-history.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-7-2-least-func-prevent-auto-exec-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-7-2-least-func-prevent-auto-exec-block.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-7-5-software-install.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-7-5-software-install.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-8-3-automated-unauthorized-component-detection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-8-3-automated-unauthorized-component-detection.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cm-8-7-system-component-inventory-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cm-8-7-system-component-inventory-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-cp-2-8-critical-system-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-cp-2-8-critical-system-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ia-3-3-dynamic-address-allocation-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ia-3-3-dynamic-address-allocation-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ia-3-4-device-attestation-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ia-3-4-device-attestation-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-mp-7-media-use.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-mp-7-media-use.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-pam-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-pam-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-pe-7-access-control-for-output-devices.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-pe-7-access-control-for-output-devices.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-ps-5-personnel-transfer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-ps-5-personnel-transfer.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-sa-10-5-developer-configuration-management.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-sa-10-5-developer-configuration-management.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-sc-13-audit-cryptograhy-key.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-sc-13-audit-cryptograhy-key.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-sc-39-2-process-isolation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-sc-39-2-process-isolation.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-sc-6-audit-resource-allocation.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-sc-6-audit-resource-allocation.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-sc24-fail-in-known-state.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-sc24-fail-in-known-state.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-16-memory-protection.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-16-memory-protection.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-3-8-malicious-code-protection-detect-unauthorised-command.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-3-8-malicious-code-protection-detect-unauthorised-command.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-create-file-in-dev-dir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-create-file-in-dev-dir.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-detect-acess-to-cron-job-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-detect-acess-to-cron-job-files.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-detect-cron-job-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-detect-cron-job-process.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-detect-execution-of-network-tools-inside-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-detect-execution-of-network-tools-inside-container.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-detect-modify-add-cron-jobs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-detect-modify-add-cron-jobs.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-execute-package-management-process-in-container.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-4-mkdir-bin-dir.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-4-mkdir-bin-dir.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-7-1-software-firmware-information-integrity-check.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-7-1-software-firmware-information-integrity-check.yaml -------------------------------------------------------------------------------- /nist/system/ksp-nist-si-7-7-software-firmware-information-integrity-detection-response.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-nist-si-7-7-software-firmware-information-integrity-detection-response.yaml -------------------------------------------------------------------------------- /nist/system/ksp-ra-5-4-vs-discoverable-information-os-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-ra-5-4-vs-discoverable-information-os-block.yaml -------------------------------------------------------------------------------- /nist/system/ksp-remote-access-audit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-remote-access-audit.yaml -------------------------------------------------------------------------------- /nist/system/ksp-sc-17-public-key-infrastructure-certificates.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-sc-17-public-key-infrastructure-certificates.yaml -------------------------------------------------------------------------------- /nist/system/ksp-sc-28-1-information-at-rest.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-sc-28-1-information-at-rest.yaml -------------------------------------------------------------------------------- /nist/system/ksp-sc-4-2-unauthorized-information-transfer.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-sc-4-2-unauthorized-information-transfer.yaml -------------------------------------------------------------------------------- /nist/system/ksp-system-information-blockwithaudit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/nist/system/ksp-system-information-blockwithaudit.yaml -------------------------------------------------------------------------------- /npm/system/ksp-block-ua-parser-js-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/npm/system/ksp-block-ua-parser-js-package.yaml -------------------------------------------------------------------------------- /pci-dss/network/cnp-egress-pci-dss-1.2.3-cardholder.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/network/cnp-egress-pci-dss-1.2.3-cardholder.yaml -------------------------------------------------------------------------------- /pci-dss/network/cnp-pci-dss-1.3.3-egress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/network/cnp-pci-dss-1.3.3-egress.yaml -------------------------------------------------------------------------------- /pci-dss/network/cnp-pci-dss-1.3.3-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/network/cnp-pci-dss-1.3.3-ingress.yaml -------------------------------------------------------------------------------- /pci-dss/network/cnp-pci-dss-10-ingress.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/network/cnp-pci-dss-10-ingress.yaml -------------------------------------------------------------------------------- /pci-dss/network/cnp-pci-dss-7.2.3-egress-default-deny.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/network/cnp-pci-dss-7.2.3-egress-default-deny.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-10.2.1-audit-user-details.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-10.2.1-audit-user-details.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-10.2.3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-10.2.3.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-2.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-3.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-5.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-5.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-7.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-7.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-8-audit-utmp-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-8-audit-utmp-file.yaml -------------------------------------------------------------------------------- /pci-dss/system/ksp-pci-dss-8.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/pci-dss/system/ksp-pci-dss-8.yaml -------------------------------------------------------------------------------- /postgresql/system/ksp-postgresql-cve-2021-3677-unauthorized-modication-log-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/postgresql/system/ksp-postgresql-cve-2021-3677-unauthorized-modication-log-file.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-110.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-110.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-119.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-119.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-143.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-143.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-20.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-20.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-23.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-23.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-25.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-25.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-70.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-70.yaml -------------------------------------------------------------------------------- /python/network/cnp-python-hardening-policy-allow-only-port-80.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/network/cnp-python-hardening-policy-allow-only-port-80.yaml -------------------------------------------------------------------------------- /python/system/ksp-cve-2021-3426-python-pydoc.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-cve-2021-3426-python-pydoc.yaml -------------------------------------------------------------------------------- /python/system/ksp-deny-rce-on-flask-app-pod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-deny-rce-on-flask-app-pod.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-cve-2021-39182.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-cve-2021-39182.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-cryptography-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-cryptography-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-django-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-django-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-ipaddress-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-ipaddress-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-jinja2-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-jinja2-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-pillow-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-pillow-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-pip.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-pip.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-pygments-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-pygments-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-pyyaml-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-pyyaml-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-requests-package.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-requests-package.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-hardening-rule-audit-url-lib.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-hardening-rule-audit-url-lib.yaml -------------------------------------------------------------------------------- /python/system/ksp-python-pip-cve-2019-20916.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/python/system/ksp-python-pip-cve-2019-20916.yaml -------------------------------------------------------------------------------- /ransomware/network/cnp-restrict-ingress-and-egress-traffic-Jupyter-ransomware.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/ransomware/network/cnp-restrict-ingress-and-egress-traffic-Jupyter-ransomware.yaml -------------------------------------------------------------------------------- /redis/network/cnp-redis-ingress-deny-traffic-to-port-6379.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/redis/network/cnp-redis-ingress-deny-traffic-to-port-6379.yaml -------------------------------------------------------------------------------- /redis/system/ksp-redis-hardening-rule-audit-redis-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/redis/system/ksp-redis-hardening-rule-audit-redis-log-files.yaml -------------------------------------------------------------------------------- /redis/system/ksp-redis-hardening-rule-audit-xautoclaim-command.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/redis/system/ksp-redis-hardening-rule-audit-xautoclaim-command.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-alertsservice-port-external-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-alertsservice-port-external-access.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-block-stig-v-230504-firewall-default-deny-all-allow-by-exception.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-block-stig-v-230504-firewall-default-deny-all-allow-by-exception.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-ingress-v-214048-pgsql.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-ingress-v-214048-pgsql.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-mysql-stig-v-235146.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-mysql-stig-v-235146.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-mysql-stig-v235146-block-unused-ports.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-mysql-stig-v235146-block-unused-ports.yaml -------------------------------------------------------------------------------- /stigs/network/cnp-stigs-postgresql-port-external-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/network/cnp-stigs-postgresql-port-external-access.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig ubuntu-20-010137-chfn.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig ubuntu-20-010137-chfn.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010136-su.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010136-su.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010138-mount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010138-mount.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010139-umount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010139-umount.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010148-chown.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010148-chown.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010161-sudo.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010161-sudo.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010162-sudoedit.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010162-sudoedit.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010163-chsh.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010163-chsh.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010164-newgrp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010164-newgrp.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010165-chcon.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010165-chcon.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010166-apparmor-parser.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010166-apparmor-parser.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010168-chacl.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010168-chacl.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010172-passwd.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010172-passwd.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010173-unix-update.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010173-unix-update.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010174-gpasswd.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010174-gpasswd.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010175-chage.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010175-chage.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010176-usermod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010176-usermod.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010177-crontab.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010177-crontab.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010178-pam-timestamp.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010178-pam-timestamp.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010267-sensitive-syscall.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010267-sensitive-syscall.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010297-kmod.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010297-kmod.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010298-fdisk.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010298-fdisk.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-audit-stig-ubuntu-20-010451-conf.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-audit-stig-ubuntu-20-010451-conf.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-block-stig-ubuntu-20-010419-log.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-block-stig-ubuntu-20-010419-log.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-block-stig-ubuntu-20-010422-syslog.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-block-stig-ubuntu-20-010422-syslog.yaml -------------------------------------------------------------------------------- /stigs/system/hsp-block-stig-ubuntu-20-010427-lib.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/hsp-block-stig-ubuntu-20-010427-lib.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-cassandra-stig-v-72637.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-cassandra-stig-v-72637.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-cassandra-stig-v-72663-validated-cryptographic-modules.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-cassandra-stig-v-72663-validated-cryptographic-modules.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-cassandra-stig-v-72671.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-cassandra-stig-v-72671.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-fstab-file-stig-v-230520.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-fstab-file-stig-v-230520.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-mysql-stig-v-235099-unauthorized-read-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-mysql-stig-v-235099-unauthorized-read-access.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-mysql-stig-v-235153.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-mysql-stig-v-235153.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-mysql-v-235149-mysql-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-mysql-v-235149-mysql-access.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-mysql-v-235149-mysql-network.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-mysql-v-235149-mysql-network.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-pgsql-stig-v-233616r617333-audit-non-pgsql-binaries.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-pgsql-stig-v-233616r617333-audit-non-pgsql-binaries.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-pgsql-stig-v-233616r617333-audit-pgsql-directory.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-pgsql-stig-v-233616r617333-audit-pgsql-directory.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-rhel-v-214083.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-rhel-v-214083.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-rhel-v-230530-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-rhel-v-230530-2.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-mysql-configuration-v-235114.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-mysql-configuration-v-235114.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-psql-v-214152.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-psql-v-214152.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-rhel-v-230236.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-rhel-v-230236.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-rhel-v-244546.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-rhel-v-244546.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-v-230456-detect-fchmod-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-v-230456-detect-fchmod-process.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-v-230456-detect-fchmodat-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-v-230456-detect-fchmodat-process.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-audit-stig-v-230530-monitor-dconf-profile.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-audit-stig-v-230530-monitor-dconf-profile.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-cassandra-stig-v-72679-protet-truststore-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-cassandra-stig-v-72679-protet-truststore-file.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-log-access-cassandra-vrealize-v-72639.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-log-access-cassandra-vrealize-v-72639.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-rhel-v-230530-3.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-rhel-v-230530-3.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-V-230246-rhel-allow-only-root-access-to-log-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-V-230246-rhel-allow-only-root-access-to-log-files.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-235153-limit-access-to-db-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-235153-limit-access-to-db-files.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-235169-limit-access-to-db-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-235169-limit-access-to-db-files.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-81849.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-81849.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-81871.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-81871.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-81887-restrict-access-to-config-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-81887-restrict-access-to-config-file.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodb-v-81887-restrict-access-to-data-directory.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodb-v-81887-restrict-access-to-data-directory.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mongodbv-235153-limit-access-to-db-logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mongodbv-235153-limit-access-to-db-logs.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mysql-files-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mysql-files-access.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-mysql-v-235114-file-permission.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-mysql-v-235114-file-permission.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-psql-v-214082.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-psql-v-214082.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-230248.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-230248.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-230283-no-shosts.equiv-files-on-rhel8.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-230283-no-shosts.equiv-files-on-rhel8.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-230329.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-230329.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-230534-1.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-230534-1.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-230534-2.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-230534-2.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-rhel-v-251706.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-rhel-v-251706.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230239-krb5-workstation-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230239-krb5-workstation-binary.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230246-rhel-allow-only-root-access-to-chown-command.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230246-rhel-allow-only-root-access-to-chown-command.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230284-deny-access-to-shosts-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230284-deny-access-to-shosts-files.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230487-telnet-server-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230487-telnet-server-binary.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230492-rsh-server-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230492-rsh-server-binary.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230533-tftp-server-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230533-tftp-server-binary.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-230558-ftp-binary.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-230558-ftp-binary.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-235114-restrict-access-to-mysql-logs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-235114-restrict-access-to-mysql-logs.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stig-v-81883-restrict-access-to-config-files.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stig-v-81883-restrict-access-to-config-files.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stigs-mysql-config-directory-access.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stigs-mysql-config-directory-access.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stigs-restrict-access-to-mysql-config-directory.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stigs-restrict-access-to-mysql-config-directory.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-block-stigs-restrict-non-mysql-binaries.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-block-stigs-restrict-non-mysql-binaries.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stig-audit-v-81883-restrict-access-to--mongodb-binaries.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stig-audit-v-81883-restrict-access-to--mongodb-binaries.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stig-block-mongodb-v-235169-limit-access-to-db-configuration-file.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stig-block-mongodb-v-235169-limit-access-to-db-configuration-file.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stig-postgres-sv-233514r617333.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stig-postgres-sv-233514r617333.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stig-postgres-sv-233531r617333.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stig-postgres-sv-233531r617333.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stig-v-230456-detect-chmod-process.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stig-v-230456-detect-chmod-process.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stigs-postgresql-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stigs-postgresql-config.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stigs-postgresql-console.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stigs-postgresql-console.yaml -------------------------------------------------------------------------------- /stigs/system/ksp-stigs-postgresql-private-keys.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/stigs/system/ksp-stigs-postgresql-private-keys.yaml -------------------------------------------------------------------------------- /wordpress/system/ksp-wordpress-packages-process-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/wordpress/system/ksp-wordpress-packages-process-block.yaml -------------------------------------------------------------------------------- /wordpress/system/ksp-wordpress-wp-cli-block-users.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/wordpress/system/ksp-wordpress-wp-cli-block-users.yaml -------------------------------------------------------------------------------- /wordpress/system/ksp-wordpress-wp-config-block.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubearmor/policy-templates/HEAD/wordpress/system/ksp-wordpress-wp-config-block.yaml --------------------------------------------------------------------------------