search

decalage2 / awesome-security-hardening

A collection of awesome security hardening guides, tools and other resources
5.37k stars 568 forks source link

add Kubernetes resources #85

Open decalage2 opened 1 year ago

decalage2 commented 1 year ago

https://github.com/jatrost/awesome-kubernetes-threat-detection

Hardening

[Securing Kubernetes Applications by Crafting Custom Seccomp Profiles](https://www.youtube.com/watch?v=alx38YdvvzA&list=PLj6h78yzYM2MCEgkd8zH0vJWF7jdQ-GRR&index=14)
[The Hitchhiker's Guide to Pod Security](https://www.youtube.com/watch?v=gcz5VsvOYmI&list=PLj6h78yzYM2MCEgkd8zH0vJWF7jdQ-GRR&index=236)
[You and Your Security Profiles; Generating Security Policies with the Help of eBPF](https://www.youtube.com/watch?v=EhQI1qPVb0E)
[Using the EBPF Superpowers To Generate Kubernetes Security Policies](https://m.youtube.com/watch?v=3dysej_Ydcw)
[Komrade: an Open-Source Security Chaos Engineering (SCE) Tool for](https://www.youtube.com/watch?v=9uzexriaXj4&list=PLj6h78yzYM2MCEgkd8zH0vJWF7jdQ-GRR&index=47)

Hardening

[NSA Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)
[Securing Kubernetes Clusters by Eliminating Risky Permissions](https://www.cyberark.com/threat-research-blog/securing-kubernetes-clusters-by-eliminating-risky-permissions/)
[Container security fundamentals: Exploring containers as processes](https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/)
[Kubernetes Security Checklist](https://kubernetes.io/docs/concepts/security/security-checklist/)
[Under-documented Kubernetes Security Tips](https://www.macchaffee.com/blog/2022/k8s-under-documented-security-tips/)

Hardening

[seccomp](https://kubernetes.io/docs/tutorials/security/seccomp/) - "can be used to sandbox the privileges of a process, restricting the calls it is able to make from userspace into the kernel."
[AppArmor](https://kubernetes.io/docs/tutorials/security/apparmor/) - "AppArmor is a Linux kernel security module that supplements the standard Linux user and group based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce its potential attack surface and provide greater in-depth defense."
[Kubernetes Network Policy Recipes](https://github.com/ahmetb/kubernetes-network-policy-recipes)